--- a/easy-rsa/2.0/build-ca
+++ b/easy-rsa/2.0/build-ca
@@ -5,4 +5,4 @@
 #
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --initca $*
+"/usr/sbin/pkitool" --interact --initca $*
--- a/easy-rsa/2.0/build-dh
+++ b/easy-rsa/2.0/build-dh
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Build Diffie-Hellman parameters for the server side
 # of an SSL/TLS connection.
 
--- a/easy-rsa/2.0/build-inter
+++ b/easy-rsa/2.0/build-inter
@@ -4,4 +4,4 @@
 # root certificate.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --inter $*
+"/usr/sbin/pkitool" --interact --inter $*
--- a/easy-rsa/2.0/build-key
+++ b/easy-rsa/2.0/build-key
@@ -4,4 +4,4 @@
 # root certificate.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact $*
+"/usr/sbin/pkitool" --interact $*
--- a/easy-rsa/2.0/build-key-pass
+++ b/easy-rsa/2.0/build-key-pass
@@ -4,4 +4,4 @@
 # with a password.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pass $*
+"/usr/sbin/pkitool" --interact --pass $*
--- a/easy-rsa/2.0/build-key-pkcs12
+++ b/easy-rsa/2.0/build-key-pkcs12
@@ -5,4 +5,4 @@
 # the CA certificate as well.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --pkcs12 $*
+"/usr/sbin/pkitool" --interact --pkcs12 $*
--- a/easy-rsa/2.0/build-key-server
+++ b/easy-rsa/2.0/build-key-server
@@ -7,4 +7,4 @@
 # extension in the openssl.cnf file.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --server $*
+"/usr/sbin/pkitool" --interact --server $*
--- a/easy-rsa/2.0/build-req
+++ b/easy-rsa/2.0/build-req
@@ -4,4 +4,4 @@
 # when your root certificate and key is not available locally.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr $*
+"/usr/sbin/pkitool" --interact --csr $*
--- a/easy-rsa/2.0/build-req-pass
+++ b/easy-rsa/2.0/build-req-pass
@@ -4,4 +4,4 @@
 # with a password.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --csr --pass $*
+"/usr/sbin/pkitool" --interact --csr --pass $*
--- a/easy-rsa/2.0/clean-all
+++ b/easy-rsa/2.0/clean-all
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Initialize the $KEY_DIR directory.
 # Note that this script does a
 # rm -rf on $KEY_DIR so be careful!
--- a/easy-rsa/2.0/inherit-inter
+++ b/easy-rsa/2.0/inherit-inter
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # Build a new PKI which is rooted on an intermediate certificate generated
 # by ./build-inter or ./pkitool --inter from a parent PKI.  The new PKI should
 # have independent vars settings, and must use a different KEY_DIR directory
--- a/easy-rsa/2.0/list-crl
+++ b/easy-rsa/2.0/list-crl
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # list revoked certificates
 
 CRL="${1:-crl.pem}"
--- a/easy-rsa/2.0/pkitool
+++ b/easy-rsa/2.0/pkitool
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 #  OpenVPN -- An application to securely tunnel IP networks
 #             over a single TCP/UDP port, with support for SSL/TLS-based
 #             session authentication and key exchange,
--- a/easy-rsa/2.0/revoke-full
+++ b/easy-rsa/2.0/revoke-full
@@ -1,5 +1,7 @@
 #!/bin/sh
 
+. /etc/easy-rsa/vars
+
 # revoke a certificate, regenerate CRL,
 # and verify revocation
 
--- a/easy-rsa/2.0/sign-req
+++ b/easy-rsa/2.0/sign-req
@@ -4,4 +4,4 @@
 # with a local root certificate and key.
 
 export EASY_RSA="${EASY_RSA:-.}"
-"$EASY_RSA/pkitool" --interact --sign $*
+"/usr/sbin/pkitool" --interact --sign $*
--- a/easy-rsa/2.0/vars
+++ b/easy-rsa/2.0/vars
@@ -12,7 +12,7 @@
 # This variable should point to
 # the top level of the easy-rsa
 # tree.
-export EASY_RSA="`pwd`"
+export EASY_RSA="/etc/easy-rsa"
 
 #
 # This variable should point to
@@ -26,7 +26,7 @@
 # This variable should point to
 # the openssl.cnf file included
 # with easy-rsa.
-export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`
+export KEY_CONFIG=`/usr/sbin/whichopensslcnf $EASY_RSA`
 
 # Edit this variable to point to
 # your soon-to-be-created key
